
Another HJT log

The main symptoms I can see are various pop up windows in IE. They are usually called things like "internet security center", however this does vary. The content of these pages usually includes what I guess are links to downloads masking themselves as virus and spyware solutions, but are actually links to other malware. These pages also display information like an IP address or an OS version.

Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.

Once the setup is complete you will need to run AVG and update the definition files.

On the main screen select the icon Update then select the Update now link.

Next select the Start Update button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.

Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this

Under Reports

Select Automatically generate report after every scan

Un-Select Only if threats were found

Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

Sorry that I didn't mention this before. The computer in question is not my own, it belongs to a neighbour. I will be getting feedback as to whether or not the actions carried out have eliminated the original pop up problem in the next 12-24 hours, and I'm absolutely sure that the actions you advised have improved things greatly; the spyware scan seemed very thorough and found various items I'm happy are no longer present.

AVG basically found nothing bad just some bad files in your System Restore Program so we need to flush that out and create a New Restore Point.

The rest of your log looks fine

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

Right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore on all Drives.

Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

Right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check Turn off System Restore on all Drives.

Click Apply, and then click OK.

Create a new Restore Point <-- Very Important

Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point. You can name the restore point anything you like, something that you can remember. You will have to be in Category View to see this.

Thanks again for your help Ken
I have carried out the instructions regarding system restore, it went smoothly and the java update is installed.
The original pop up problem has been resolved as far as I can tell from the feedback I've received, and the system as a whole seems to be running much quicker, especially on start up.
I would be very grateful for any tools and tips you suggest, and also, what your opinion of a good set of tools for general windows performance and security would be.
Thanks a lot
- Jimmy


Posted 13 March 2007 - 10:35 AM

Here ya go Jimmy, glad things are well

You can install all the spyware programs on this list, they won't conflict with each other, on the other hand, make sure you never install more than one Anti Virus Program and only One firewall. If you use a third party firewall you need to turn the windows firewall off.

Go to Start > Control Panel (make sure you're in Classic View) > Windows Firewall and make sure it's off. Norton may have already done that on install but it does not hurt to check.

Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.

How did I get infected in the first place? Read these links and find out how to prevent getting infected again.

Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.

IE-Spyad
IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.


About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.